Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11512
Views
5
Helpful
5
Replies

3850 Upgrade from 3.6.8 to 16.3.6

Jay_F
Level 1
Level 1

‎07-16-2018 06:08 AM - edited ‎03-08-2019 03:41 PM

Hi,

I've set up a test 3850 switch in a stack as I was looking at testing implications of moving from IOS XE 3.6.8E to Denali 16.3.6. I successfully upgraded the switch stack although now I've lost all connectivity to it. I noticed with this IOS it added a load of ACL's and wondered if that could be the problem. Prior to this I have been successfully connecting in via SSH. Any ideas why I would be unable to now access the switch (other than console)

Thanks

2 people had this problem
Labels:
0 Helpful
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎07-16-2018 06:36 AM - edited ‎07-16-2018 06:38 AM

HI there,

Check the release notes for the fix:

 

Note	When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it 
cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the 
server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the 
show crypto key command.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/release_notes/ol-16-3-3850.html#34570

 

cheers,

Seb

0 Helpful

Jay_F
Level 1
Level 1
In response to Seb Rupik

‎07-16-2018 07:15 AM - edited ‎07-16-2018 07:18 AM

Thanks ok I see that but why would I not be able to ping my switch any longer. Nothing has changed other than upgrading to Denali 16.3.6. I had upgraded via Prime so the files in flash are .pkg in install mode. Can you help with what I would need to do here?

Thanks

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Jay_F

‎07-16-2018 07:27 AM

You have my respect for trying to upgrade switches with Prime. (A few years ago a Prime 2.2 instance removed the running image, failed to upload a new one, didn't verify its presence (or lack of) and rebooted about 40 switches at a secure site. Needless to say, trying to physical access to and then  xmodem'ing IOS back onto these switches made me never use Prime for that function again!)

 

Anyhow... first suspect is Prime. Get a console cable and check the switch. It could have not cleaned the old images off, in creating a second packages.conf boot file. Or perhaps it didn't upload the file correctly. Maybe Prime has invented new ways of botching upgrades since 2.2?!

 

cheers,

Seb.

0 Helpful

inlandprinting
Level 1
Level 1
In response to Seb Rupik

‎11-01-2018 12:59 PM

we are looking to do this update to the 16x versions of IOS-XE.  as part of our standard setup we issue the crypto key gen rsa command and generate our keys.  if we do this when we configure the device initially we should have no need for redoing the keys prior to updating, is that correct?

 

Someone mentioned downgrading, was there a reason?  or specific issue that caused the need to downgrade?

0 Helpful

paul driver
VIP
VIP
In response to inlandprinting

‎11-01-2018 03:45 PM

Hello

 

@inlandprinting wrote:

we are looking to do this update to the 16x versions of IOS-XE.  as part of our standard setup we issue the crypto key gen rsa command and generate our keys.  if we do this when we configure the device initially we should have no need for redoing the keys prior to updating, is that correct?  -  Correct

 

Someone mentioned downgrading, was there a reason?  or specific issue that caused the need to downgrade? -  not checked on the ios-ex version you've installed but one reason could be due to buggy software

try also to clean out any old .bin files of the switches and perform a clean up
request platform software package clean switch all


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card